This HOWTO uses CentOS 5.3, the latest “stable” OpenVPN package 2.0.9, and assumes you already have AD and Certificate Services running. This VPN configuration is a bridge, meaning users have full TCP/IP access to the internal network once connected.

1 Base OS Setup

The goal is to make this appliance light, but for ease's sake not every package has been removed. This is a tight box, but not ultra-light. It has no GUI; it is command line only. Knowledge of vi is recommended.

Authentication

In the olden days, in my (in)experience, authconfig-tui often created a mess, and so I would edit each file needed for the system to use winbind before being joined to the domain. But now, authconfig-tui does a decent job -- though some adjustment will still be needed.

Exhibit 1: authconfig-tui -- winbind should be selected

Exhibit 2: Admin Server is optional. Enter your domain's info.

Exhibit 3: winbind will be adjusted later. Do NOT join to the domain yet. Chances are your clock-skew will not allow it.

When done, close this out. You can get to this page at any time by typing setup.

Install pam-devel + bridge-utils + samba-common (no 's' at the end):

# yum install pam-devel bridge-utils samba-common
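Exhibit 3 warns that clock skew can block the domain join. The following is an added example, not part of the original HOWTO, of a pre-join check that parses ntpdate -q output and compares the offset with the Kerberos default tolerance of 300 seconds. It assumes ntpdate is installed and that the domain controller answers NTP queries; the function names, the 192.0.2.10 address and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-join clock-skew check (not from the original HOWTO).
MAX_SKEW=300   # Kerberos default clock-skew tolerance, in seconds

# Constructed sample of `ntpdate -q` output (not captured from a real host).
SAMPLE_OUTPUT='server 192.0.2.10, stratum 2, offset 412.731205, delay 0.02591
 4 Jun 10:15:02 ntpdate[2817]: step time server 192.0.2.10 offset 412.731205 sec'

# Print the offset in seconds from the first "server ..." line.
parse_offset() {
    printf '%s\n' "$1" | awk '
        $1 == "server" {
            for (i = 1; i < NF; i++)
                if ($i == "offset") { sub(/,$/, "", $(i+1)); print $(i+1); exit }
        }'
}

# Return 0 if |offset| <= MAX_SKEW, 1 if it is larger, 2 if no offset was found.
skew_ok() {
    off=$(parse_offset "$1")
    [ -n "$off" ] || return 2
    awk -v o="$off" -v m="$MAX_SKEW" 'BEGIN { if (o < 0) o = -o; exit !(o <= m) }'
}

# Live use on the VPN box: check_dc <domain-controller-address>
check_dc() {
    out=$(ntpdate -q "$1" 2>/dev/null) || { echo "cannot query $1"; return 2; }
    if skew_ok "$out"; then
        echo "skew OK: $(parse_offset "$out")s"
    else
        echo "skew too large: $(parse_offset "$out")s, sync the clock before joining"
        return 1
    fi
}
```

With the constructed sample above, skew_ok reports failure because 412 seconds exceeds the 300-second tolerance.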